3100 matches found
GnuPG 1.x - Detached Signature Verification Bypass
source: https://www.securityfocus.com/bid/16663/info GnuPG is affected by a detached signature verification-bypass vulnerability because it fails to properly notify scripts that an invalid detached signature was presented and that the verification process has failed. Exploiting this issue allows...
Invision Power Board Army System Mod 2.1 - SQL Injection
?php / --------------------------- EXPLOIT --------------------------- Invision Power Board Army System Mod 2.1 SQL Injection Exploit Tested on: Latest version 2.1.0 Discovered on: 06.02.2006 by Alex & fRoGGz Credits to: SecuBox Labs PLEASE READ THIS ! The query of the SQL Injection depends about...
ImageVue 0.16.1 - 'index.php?bgcol' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16594/info ImageVue is prone to multiple vulnerabilities, including unauthorized uploading of files with arbitrary extensions, authentication bypass, information disclosure, and content injection. Successful exploitation could allow attackers to upload an...
xeCMS 1.0.0 RC 2 (cookie) Remote Command Execution Exploit
Exploit for unknown platform in category web applications ========================================================== xeCMS 1.0.0 RC 2 cookie Remote Command Execution Exploit ========================================================== !/usr/bin/perl xeCMS 1.0.0 RC 2 Remote Command Execution Exploit...
EggBlog 2.0 - id SQL Injection
EggBlog 2.0 - id SQL Injection source: https://www.securityfocus.com/bid/16305/info Eggblog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could...
CiscoPhoneDos.pl.txt
!/usr/bin/perl This is made for trashing cisco 7940 ip phones. kokanin made/discovered this. A packetcount of 1000 and a packetdelay of 0.002 sent to port 80 makes my phone reboot - play with the settings and stuff. PRIVATE PRIVATE PRIVATE!!! use Net::RawIP; use Time::HiRes; $pkt = new Net::RawIP...
Magic News Plus <= 1.0.3 Admin Pass Change Exploit
No description provided by source. !/usr/bin/perl Magic News Plus =1.0.3 Admin Pass Change Exploit Copyright c 2006 cijfer [email protected] All rights reserved. An input validation flaw exists within 'settings.php' of Magic News Plus which can lead to the changing of the administrative password...
Foro Domus 2.10 - Multiple Input Validation Vulnerabilities
Foro Domus 2.10 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/16154/info Foro Domus is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation...
SCO OpenServer 5.0.7 - termsh Local Privilege Escalation
SCO OpenServer 5.0.7 - termsh Local Privilege Escalation / SCO Openserver 5.0.7 termsh exploit =================================== 'termsh' is a program to view or modify an existing terminal entry on SCO Openserver. A stack based overflow exists in the handling of command line arguements, namely...
CuteNews 1.4.1 - categories.mdu Remote Command Execution
CuteNews 1.4.1 - categories.mdu Remote Command Execution !/usr/bin/perl cijfer-cnxpl - CuteNews All rights reserved. 1. example cijfer@kalma:/research$ ./cijfer-cnxpl.pl -h www.xxxx.org -d /news [email protected] /$ id;uname -a uid=48apache gid=48apache groups=48apache,29000webserving...
Linux Kernel <= 2.6.11 (CPL 0) Local Root Exploit (k-rad3.c)
Exploit for linux platform in category local exploits ============================================================ Linux Kernel Modified 2005/9 by alert7 XFOCUS Security Team http://www.xfocus.org gcc -o k-rad3 k-rad3.c -static -O2 tested succeed : on default installed RHEL42.6.9-5.EL and...
IceWarp Universal WebMail - '/accounts/inc/include.php' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. An attacker can exploit these issues to include arbitra...
Soft4e ECW-Cart 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities
Soft4e ECW-Cart 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15890/info ECW-Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker...
QuickPayPro 3.1 - subscribers.tracking.edit.php?subtrackingid SQL Injection
QuickPayPro 3.1 - subscribers.tracking.edit.php?subtrackingid SQL Injection source: https://www.securityfocus.com/bid/15863/info QuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...
Website Baker <= 2.6.0 Login Bypass / Remote Code Execution Exploit
Exploit for unknown platform in category web applications =================================================================== Website Baker this works with magicquotesgpc off usage: launch from Apache, fill in requested fields, then go! Sun Tzu: "The control of a large force is the same principle...
Zen-Cart <= 1.2.6d blind SQL injection / remote commands execution:
Zen-Cart = 1.2.6d blind SQL injection / remote commands execution: software: site: http://www.zencart.com/ description:"Zen Cart™ truly is the art of e-commerce; a free, user-friendly, open source shopping cart system. The software is being developed by group of like-minded shop owners,...
DoceboLms 2.0.4 - connector.php Arbitrary File Upload
DoceboLms 2.0.4 - connector.php Arbitrary File Upload DoceboLMS body background-color:111111; SCROLLBAR-ARROW-COLOR: ffffff; SCROLLBAR-BASE-COLOR: black; CURSOR: crosshair; color: 1CB081; img background-color: FFFFFF !important input background-color: 303030 !important option background-color:...
Netzbrett 1.5.1 - 'P_Entry' SQL Injection
source: https://www.securityfocus.com/bid/15593/info Netzbrett is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
OTRS 2.0 - AgentTicketPlain Action Multiple SQL Injections
source: https://www.securityfocus.com/bid/15537/info OTRS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to multiple SQL-injection vulnerabilities, an HTML-injection...
Google Search Appliance proxystylesheet XSLT Java Code Execution
Exploit for hardware platform in category remote exploits ================================================================ Google Search Appliance proxystylesheet XSLT Java Code Execution ================================================================ This file is part of the Metasploit Framewor...